ecco 2006 baker & mckenzie international is a swiss verein with member law firms around the...
Post on 04-Jan-2016
219 Views
Preview:
TRANSCRIPT
ECCO 2006
Baker & McKenzie International is a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “partner” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such law firm.
Mark D. Menefee
Technology Transfer Liability Under EAR and ITAR
May 23, 2006
©2005 Baker & McKenzie 2
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Definitions Export Administration Regulations:
• “Export” is the actual shipment or transmission of items out of the U.S. Section 734.2(b)(1).
• “Deemed export” is defined in Section 734.2(b)(2)(ii) of the EAR as follows:
Any release of technology or source code subject to the EAR to a foreign national. Such release is deemed to be an export to the home country or countries of the foreign national.
©2005 Baker & McKenzie 3
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Export Administration Regulations:
The deemed export rule does not apply to persons who are lawfully admitted to the U.S. or who are protected individuals under the Immigration and Naturalization Act.
©2005 Baker & McKenzie 4
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Definitions
International Traffic in Arms Regulations:
• The ITAR do not use the phrase “deemed export”• ITAR Section 120.17(a) defines “export” to include:
(4) Disclosing (including oral or visual disclosure) or transferring technical data to a foreign person, whether in the United States or abroad….
©2005 Baker & McKenzie 5
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Leading Enforcement Cases
• EAR: Suntek Microwave (criminal)
• EAR: Pratt & Whitney (civil)
• ITAR: General Motors/General Dynamics
(civil)
©2005 Baker & McKenzie 6
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Leading Enforcement Cases
Bear in mind the different enforcement contexts of these cases.
Suntek = criminal case fully investigated in the field by means of search warrants and grand jury subpoenas
Pratt & Whitney = administrative case voluntarily disclosed to OEE
General Motors/General Dynamics = administrative case based upon companies’ internal investigations and “directed disclosures” required by the DDTC
©2005 Baker & McKenzie 7
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Suntek Microwave, Inc. and Charlie Kuan (president of Suntek)
Transfer of controlled technology for detector log video amplifiers (DLVAs) to Chinese nationals for the purpose of transferring manufacturing technology to Chengdu Jeway Microwave telecommunications Co., Ltd., Suntek’s primary shareholder and a company known to have been controlled by the PRC Government.
©2005 Baker & McKenzie 8
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Suntek Microwave, Inc. and Charlie Kuan
• Guilty Plea – Unauthorized export of technology to PRC – False and misleading statement on SED – Release of controlled technology to a foreign national
• Criminal fine: $339,000 • Imprisonment: awaiting sentencing
• Civil penalty: – Kuan: $187,000 (suspended), 20 year export denial – Suntek: $275,000 (suspended)
U.S. v. Charlie Kuan (pres. of Suntek Microwave, Inc.), unsealed Oct. 21, 2003
©2005 Baker & McKenzie 9
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Suntek Microwave, Inc. and Charlie Kuan
• Surveillance• Review of shipping and documents and travel records• Search warrants at offices and residences• Grand jury subpoenas
Criminal investigation by Office of Export Enforcement involved:
©2005 Baker & McKenzie 10
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Suntek Microwave, Inc. and Charlie KuanAUSA Jeff Nedrow chose to charge deemed export violations over violations for the export of physical DLVAs based on the relative strengths of the evidence:
Deemed exports – revealed by correspondence seized during search warrant
versus
Physical exports – no shipping documents because equipment was hand carried on flights from the US to PRC
©2005 Baker & McKenzie 11
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
In the Matter of Pratt & Whitney, June 24, 2004
• Civil penalty: $150,000• Voluntary Self-Disclosure to OEE• Unauthorized exports of technical data
– 2E003 (material coating)– 9E003 (gas turbine engine components)
• Unauthorized deemed exports of software (Netherlands)– 2D001, 2D002, 3D003
©2005 Baker & McKenzie 12
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Pratt & Whitney
• Exported technical data on 10 occasions to Japan & Singapore with knowledge that violations would occur (licenses expired)
– China, Japan, and Singapore• Exported technical data on 17 occasions to PRC, Germany & Singapore• Deemed exports in U.S. to foreign nationals from:
– Germany, the Netherlands, and Spain.• Deemed export to Germany with knowledge that a violation was to occur
(license expired)• Record keeping violations alleged (missing bills of lading & air waybills)
©2005 Baker & McKenzie 13
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
In the matter of General Motors Corp. and General Dynamics Corp., Nov. 1, 2004
• $20 million in fines and required compliance measures
• Light Armored Vehicles (ITAR Cat. VII) • Unauthorized exports of technical data, defense
services and defense articles • To foreign person employees, including those of
proscribed countries
©2005 Baker & McKenzie 14
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
“Part III – Unauthorized Access to ITAR Controlled Technical Data Contained in GM’s Electronic Databases”
©2005 Baker & McKenzie 15
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Draft Charging Letter:
(22) GM’s final disclosure stated that many of its engineering and other technical program support personnel, to include foreign persons from proscribed countries and other foreign or dual nationals, ‘had computers and access to various programs and/or drives on which most of the GM Defense Technical data required by particular departments (e.g., reliability and maintainability data) was located.’ Thus, they technically ‘had access’ to that data.” (emphasis supplied)
Question: Why use the qualifier “technically”?
©2005 Baker & McKenzie 16
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
A footnote to the quoted language from Draft Charging Letter paragraph (22) indicates GM described the facts somewhat differently:
GM’s disclosure stated, “the objective of this investigation, however, was not to identify the proscribed nationals and other foreign or dual nationals who theoretically could access data. Rather, we attempted to determine which individuals actually accessed U.S. technical data, and the data they accessed.” (emphasis supplied)
©2005 Baker & McKenzie 17
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Draft Charging Letter paragraph (22) quotes from a GM email:“James tells me everybody with a GM-issued computer anywhere in the world has access to IDOCS. Because this suggests export control exposure, I’d appreciate an estimate of when access will be restricted to GMD employees” (emphasis supplied)
©2005 Baker & McKenzie 18
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Draft Charging Letter paragraph (22) quotes from a second GM email:
“GM Defense operates a system called AMAPS in which manufacturing information for defense articles is stored. It is not certain if these data constitute technical data under the meaning of the term ITAR. GM Defense also operates systems called IDOCS in which engineering drawings for defense articles are stored. IDOCS contains over one million documents…300,000 are directly related to defense articles.” (emphasis supplied)
©2005 Baker & McKenzie 19
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Question: How did GM and DDTC determine what constituted a violation:• “Had access to data” or • “Actually accessed data”?
©2005 Baker & McKenzie 20
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Draft Charging Letter paragraph alleged that GM committed 197 violations of ITAR related to the unauthorized transfer of technical data to employees.
Violations fall into various categories:• “Failed to inform DDTC of the actual transfer of technical
data” (13 charges)
©2005 Baker & McKenzie 21
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
• “Provided technical data related to Light Armored Vehicles” (13 charges)
• “Willfully caused, or aided and abetted, the commission of an act prohibited by [AECA or ITAR] by providing technical data” (13 charges)
• “Disclosed without State Department authorization U.S. technical data” (54 charges)
©2005 Baker & McKenzie 22
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Violations fall into various categories: • “Provided unauthorized access to U.S. technical data”…
by failing to account for the acts of its employees…to whom licensed defense articles or technical data has been entrusted regarding the operation, use, possession, transportation, and handling of such defense article or technical data.” (54 charges)
• “Disclosed without the Department’s authorization U.S. technical data” (50 charges) (emphasis supplied)
©2005 Baker & McKenzie 23
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Note: All charges alleged in the Draft Charging Letter used action verbs.
Question: Did GM or DDTC match the 197 unauthorized employees to particular documents found in the database containing over 1 million or 300,000 documents?
©2005 Baker & McKenzie 24
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Please recall that ITAR Section 120.17(a)(4) defines “export” to include:
Disclosing (including oral or visual disclosure) or transferring technical data to a foreign person person, whether in the United States or abroad….(emphasis supplied)
©2005 Baker & McKenzie 25
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Hypothesis – DDTC interprets ITAR to mean that
Allowing employees to “have access” to a database containing controlled technical data constitutes an illegal act of commission, not an act of omission.
In other words, by not preventing unauthorized employees from having access to controlled technical data in a database, a company has “disclosed” or “transferred” that data to the employees.
©2005 Baker & McKenzie 26
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
Implicit rule of evidence:
DDTC does not believe it has to prove that a particular employee actually accessed a particular item controlled technical data at a specific date and time.
DDTC believes it only has to establish that a company allowed a situation to occur where it was possible for an unauthorized employee to “have access” to controlled technical data.
©2005 Baker & McKenzie 27
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
GM/GD
• Hypothetical question: What if a company had a database featuring a relatively simple version of password protection and an unauthorized employee hacked into the database?
©2005 Baker & McKenzie 28
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Different enforcement contexts present
different lessons to be learned Criminal case –
• Deemed export violations are only one of several options that could be charged
• Strength of evidence is the key to deciding what to charge
• It is likely that criminal deemed export charges will occur in conjunction with factually related equipment charges
©2005 Baker & McKenzie 29
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Different lessons
• Results:1.Relatively few alleged violations;
2.Backed by strong evidence;
3.Devastating penalties against company and individual
©2005 Baker & McKenzie 30
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Different lessons
Administrative case –
• Cooperative respondent – strongly motivated to produce documents not otherwise obtainable, or readily obtainable, by enforcement authorities in the hope of leniency
• Wealth of evidence -- enables prosecutor to articulate specific, nuanced charges that closely fit complex regulations
©2005 Baker & McKenzie 31
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Different lessons
• Results:1.Numerous violations
2.Nuanced interpretations of the regulations – as determined by the agency
3.Significant penalties – but the company probably survives
©2005 Baker & McKenzie 32
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Different lessons
Double standard or just different situations?
Company settling administrative charges: potential access = illegal technology transfer to its own employees?
Company fighting criminal charges: indicted for conspiracy to export equipment rather then deemed export?
It depends on the evidence.
©2005 Baker & McKenzie 33
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Implications for your compliance programs • Criminal deemed export prosecutions have a devastating impact• Administrative settlements likely will allow your organization to survive• Having and adhering to a compliance program – even if it occasionally
fails -- is a major factor in the decision whether or not to prosecute criminal charges
• But the test will be how effective, really, is your compliance program?• Use enforcement cases, especially administrative ones, as
benchmarks for updating your compliance program
©2005 Baker & McKenzie 34
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
What about internal investigations and
cooperation with enforcement authorities? • You must have access to all data.• Handle employees with care: Separate counsel?
Privacy laws?• Understand the applicable regulations, and how the
agencies interpret them.• Prompt and accurate reporting to the decision makers:
“What have we got here?“• The Big Decision: Disclose to law enforcement or not?
©2005 Baker & McKenzie 35
ECCO 2006 – Technology Transfer Liability Under EAR and ITAR
Thank you!
Mark D. MenefeeOf CounselBaker & McKenzie LLP815 Connecticut Avenue, N.W.Washington, D.C. 20006-4078Tel: +1 202 835 4254Mobile: +1 202 375 3051Fax: +1 202 452 7074mark.d.menefee@bakernet.com
top related